servicad (Canada) asked:
PPTP works but L2TP Does Not

I have set up RRAS on Server 2012 R2, specifically using L2TP as the primary connection in for remote access.
I also enabled port forwarding on the router to be directed to the server hosting RRAS. We were initially using an old, outdated router and found out it didn't support L2TP, so it was replaced; however, we still cannot get this to work.

RRAS Setup:
Enabled for IPv4 using a static DHCP Address Pool
Authentication provider is windows authentication
Accounting provider is windows accounting
Preshared key has been setup

The ports I forwarded are:
L2TP port 1701 UDP
Port 500 UDP
Port 4500 UDP

I also tried TCP/UDP on these ports and still unable to connect.

VPN End User setup:
Setup for L2TP
Requires encryption
Setup to use CHAP and MS-CHAP v2
Also tried using EAP-MSCHAP but no change
Ensured I entered the correct Preshared key for L2TP

Confirmed RRAS is OK as I have been able to get PPTP working without issue.

When we try to connect to L2TP it hangs on connecting...

We've exhausted our resources on solving this issue at this point.

Thanks!
noci replied:
You are aware that PPTP has been cracked for more than 10 years...
and the concept has been declared invalid (mathematically about 20 years ago?)
Check Bruce Schneier & Moxie Marlinspike together with PPTP...
I think somewhere in 2011 even Microsoft gave up on PPTP as a secure tunnel...
(It works, but the RC4 is used in a wrong way, and MSCHAP2 used for authentication makes it possible to enumerate accounts & passwords quite fast. In 2010-2012 there was a site where you could get a PPTP broken within 48 hours guaranteed, often much faster...; you just had to pay compute fees for Amazon.)

Ok that said...
The L2TP packets are sent through the tunnel, so no port forward is needed for them. IKE & IPSEC over NAT (port 500 & port 4500, both UDP) are needed.
TCP is NOT used for this, so those can be removed again.

Try stepwise: first get IPSEC Phase one (IKE) running; if that works, go for the Phase 2 IPSEC tunnel. Then try to use it...
You may want to make a network trace (Wireshark) and validate that UDP 500 & UDP 4500 packets DO travel...
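The stepwise check above (IKE on UDP 500 first, then NAT-T on UDP 4500, then L2TP inside the tunnel) can be turned into a small triage over a trace summary. The following is an added example, not code from the thread or from any of its participants: it reads constructed, tab-separated capture lines in the layout of `tshark -T fields -e ip.src -e ip.dst -e udp.srcport -e udp.dstport` taken on the LAN side of the router, and reports which stage the client reached from the RRAS server's point of view. The server address, client address, field order and the stage names are assumptions of the example; it also assumes the client sits behind NAT, so ESP travels in UDP 4500 rather than as bare IP protocol 50.

```python
from collections import Counter

# Well-known UDP ports involved in an L2TP/IPsec connection.
IKE_PORT = 500     # ISAKMP / IKE phase 1
NAT_T_PORT = 4500  # IKE and ESP encapsulated in UDP (NAT traversal)
L2TP_PORT = 1701   # L2TP itself; normally only visible inside the IPsec tunnel

# Hypothetical RRAS server address on the LAN side of the router (constructed).
SERVER_IP = "192.168.1.10"

# Constructed trace summaries (not real captures): src, dst, sport, dport.
CAPTURE_NO_IKE = """
# only unrelated DNS traffic reaches the server; nothing on UDP 500
192.168.1.20\t192.168.1.10\t53211\t53
192.168.1.10\t192.168.1.20\t53\t53211
"""
CAPTURE_PLAIN_L2TP = """
203.0.113.5\t192.168.1.10\t1701\t1701
"""
CAPTURE_IKE_ONLY = """
203.0.113.5\t192.168.1.10\t500\t500
192.168.1.10\t203.0.113.5\t500\t500
203.0.113.5\t192.168.1.10\t500\t500
192.168.1.10\t203.0.113.5\t500\t500
"""
CAPTURE_TUNNEL_UP = """
203.0.113.5\t192.168.1.10\t500\t500
192.168.1.10\t203.0.113.5\t500\t500
203.0.113.5\t192.168.1.10\t4500\t4500
192.168.1.10\t203.0.113.5\t4500\t4500
"""


def parse_capture(text):
    """Yield (src, dst, sport, dport) from tab-separated summary lines.

    The field order mirrors `tshark -T fields -e ip.src -e ip.dst
    -e udp.srcport -e udp.dstport`; that layout is an assumption here.
    Blank lines and '#' comments are skipped.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, sport, dport = line.split("\t")
        yield src, dst, int(sport), int(dport)


def triage(text, server_ip=SERVER_IP):
    """Classify how far the IPsec negotiation got, seen from the server.

    Returns (stage, hint). Checks run in the order the handshake happens:
    IKE on UDP 500, then NAT-T on UDP 4500, and only then L2TP inside it.
    """
    inbound = Counter()   # dport -> datagrams arriving at the server
    outbound = Counter()  # sport -> datagrams the server sends back
    for src, dst, sport, dport in parse_capture(text):
        if dst == server_ip:
            inbound[dport] += 1
        elif src == server_ip:
            outbound[sport] += 1

    if inbound[IKE_PORT] == 0:
        if inbound[L2TP_PORT] > 0:
            return ("plain-l2tp",
                    "L2TP arrives in the clear with no IKE first: the client is not "
                    "negotiating IPsec at all; check its L2TP/IPsec settings.")
        return ("no-ike",
                "No UDP 500 reaches the server: the router is not forwarding or "
                "passing IPsec through, or the client never sends it.")
    if outbound[IKE_PORT] == 0:
        return ("ike-unanswered",
                "IKE requests arrive but the server never replies: check that the "
                "IPsec keying service is running and the host firewall allows UDP 500.")
    if inbound[NAT_T_PORT] == 0:
        return ("no-nat-t",
                "UDP 500 is exchanged but nothing follows on UDP 4500: NAT-T traffic "
                "is not getting through the router, or phase 1 never completed.")
    if outbound[NAT_T_PORT] == 0:
        return ("nat-t-unanswered",
                "UDP 4500 arrives but the server does not answer on it: check the "
                "host firewall rules for UDP 4500 on the server.")
    return ("ipsec-up",
            "UDP 500 and 4500 flow both ways, so the path is open; a failure now is "
            "in the IPsec/L2TP negotiation itself (pre-shared key, L2TP, PPP "
            "authentication), which a port-level summary cannot distinguish.")


if __name__ == "__main__":
    for name, cap in [("no-ike", CAPTURE_NO_IKE), ("plain-l2tp", CAPTURE_PLAIN_L2TP),
                      ("ike-only", CAPTURE_IKE_ONLY), ("tunnel-up", CAPTURE_TUNNEL_UP)]:
        stage, hint = triage(cap)
        print(f"{name:<11} -> {stage}: {hint}")
```

The classification deliberately stops at the port level: once UDP 500 and 4500 are seen in both directions the router and forwarding rules are no longer the suspect, and the next place to look is the RRAS side (pre-shared key, L2TP and PPP authentication), which is exactly the "then try to use it" step above.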
Accepted solution, by arnold (United States of America):
Did you try to connect from LAN using the local IP?
servicad (asker):
Turns out there was no passthrough on the supporting router. The setup was correct; it came down to a hardware issue.